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REMARKS/ARGUMENTS 

In the pending Office Action, designated "Final", claims 1-16 and 20-22 were 
rejected under 35 U.S.C. § 103(a) as being unpatentable over U.S. Patent Publication No. 
2004/0044744 to Grosner in view of U.S. Patent No. 6,088,450 to Davis (claims 17-19 were 
canceled previously). In this Amendment After Final, which is being filed with a Request for 
Continued Examination (RCE), claims 1-14, 16, and 20-22 are canceled, and claim 15 is 
amended; new claims 23-33 are presented, including new independent claim 23 to a storage 
system and new independent claim 29 to an access control management method. The 
dependency of claim 1 5 has been changed to depend from claim 29 rather than canceled claim 
10. The new claims are supported by the specification as filed; no new matter has been added. 
Entry of the amendments, in accordance with the filing of the accompanying RCE, and 
reconsideration of the application as amended are requested. 
The Claims 

The invention relates to processing commands from a host computer for 
requesting access to a connected storage apparatus. The specification notes that, in storage 
systems, access can be managed based on MAC address information of a requesting host 
computer so that only authorized MAC addresses are granted access. Difficulties arise when a 
router is interposed between the host computer and a storage apparatus, because the MAC 
address of the router may be substituted into the request message sent to the storage apparatus, in 
accordance with network protocols (see, for example, the specification at page 4). Such 
difficulties may arise, for example, in the case of the iSCSI (Internet SCSI) technology. 

As recited in the independent claims (claims 23 and 29), the application is 
directed to a method and an apparatus for performing access management operations involving 
first, second, and third determinations. The operations of method claim 29 include: 

receiving an iSCSI login request transmitted from the host computer; 
determining a first determination as to whether or not a source address included in 

an IP header of the iSCSI login request is an IP address in the same 

segment as a port of the storage apparatus; 
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obtaining a MAC address assigned to the port of the host computer when the 
source address included in the IP header is not an IP address in the same 
network as the port of the storage apparatus as a result of the first 
determination; 

determining a second determination as to whether or not the MAC address has 
been cataloged in an access management table that defines the MAC 
addresses identifying the host computer; 

approving an access by said iSCSI login request from the host computer to the 
storage apparatus when the MAC address has been cataloged in the access 
management table as a result of said second determination; 

determining a third determination as to whether or not a logical unit (LU) 
specified by the command has been cataloged in the access management 
table as the LU associated with the source IP address of a frame including 
the command; 

performing said second determination and said third determination in accordance 
with a source MAC address in the frame of iSCSI login request sent from 
said host computer and said access management table when the source IP 
address of the ISCSI login request is in the same segment as the port of its 
storage apparatus according to said first determination; and 

accessing to the LU to process the command when said LU has been cataloged in 
the access management tables as a result of the third determination. 

Claim 23 is an apparatus claim with analogous features to those recited above. 

Thus, the new independent claims are directed to three different determinations in 
processing an access request. The first determination involves determining whether or not a 
source address included in an IP header of the iSCSI login request is an IP address in the same 
segment as a port of the storage apparatus. If the first determination indicates the source address 
is not in the same segment as the storage apparatus, then a MAC address is obtained. The second 
determination involves determining whether or not the MAC address has been cataloged in an 
access management table that defines the MAC addresses identifying the host computer. If the 
second determination indicates the MAC address has been cataloged, then access by the iSCSI 
request is approved. Otherwise, the third determination indicates whether or not a logical unit 
(LU) specified by the command has been cataloged in the access management table as the LU 
associated with the source IP address of a frame including the command, so that access is 
permitted when the third determination indicates that the LU has been cataloged in the access 
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management table. Moreover, the second and third determinations are performed in accordance 
with a source MAC address in the frame of iSCSI login request sent from said host computer and 
said access management table when the source IP address of the iSCSI login request is in the 
same segment as the port of its storage apparatus according to said first determination. 

It is submitted that the new independent claims, both of which recite the features 
described above, are patentable over all of the cited references. 
The Cited References to Grosner and Davis 

In the Office Action, the claims were rejected as being unpatentable over Grosner 
in view of Davis. The rejected independent claims (1,10, and 22) have been cancelled, 
rendering their rejection moot. As noted above, the replacement independent claims (claims 23 
and 29) are patentable over the references. 

As noted at Grosner paragraph [0074], Grosner describes a storage switch device 
that interconnects storage devices and client devices. The Grosner device is installed in a storage 
network between data storage and enterprise networks (see paragraph [0092] of Grosner). 

The Office Action acknowledged that Grosner does not show "first determination 
means for determining whether or not a frame of a login request includes second information on 
identification of the host computer," and cited Davis for showing such features. The new 
independent claims, however, now recite a first determination of whether a source address in an 
IP header of an iSCSI login request is an IP address in the same segment as a port of the storage 
apparatus. This "first determination" is supported in the specification. See, for example, page 
23, lines 7-13 regarding step 1110 of Fig. 6. Grosner fails to show this "first determination" 
feature. 

The Office Action equated the password in Davis with the "first information", 
which is no longer recited in the claims, and asserted that it would be obvious to combine the 
challenge-response protocol of Davis with the security device authentication process of Grosner. 
Davis describes a wireless authentication system to control access to a computer by use of a 
special token device that must be in the possession of an authorized user who is located 
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physically close to the computer, to enable periodic challenge/response messages between the 
computer and the special token device (see Davis at col. 1, lines 24-28 and col. 2, lines 38-49). 

Applicant again asserts that there is no reason to combine the two disparate 
devices of Grosner and Davis. Grosner is a security device that is located in network 
infrastructure to manage access between client devices and network storage devices, whereas 
Davis uses a special token device (i.e., a portable physical unit , such as a fob) to control access to 
a single desktop computer such that the token must be in the possession of an authorized user 
who is in physical proximity to the computer being accessed. Anyone who has physical 
possession of the Davis token will be granted access to the desktop computer. In contrast, 
Grosner manages access in accordance with network (software) implementations. 

Even if Davis could somehow be combined with Grosner, and even if the 
challenge-response protocol of Davis could be combined with Grosner, the two would not 
provide the features of the claims including the three determinations above. For example, the 
combination would not provide the feature of receiving an iSCSI login request transmitted from 
the host computer (see box 1100 of Fig. 6 and page 23, lines 7-9 of the specification). It should 
also be apparent that Grosner and Davis would not provide the "first determination" feature of 
determining whether or not a source address in an IP header of an iSCSI login request is an IP 
address in the same segment as a port of the storage apparatus (see, for example, box 1110 of 
Fig. 6 and page 23, lines 9-13). Neither reference describes such processing. Thus, the proposed 
combination of Grosner and Davis is lacking at least one of the claimed features and therefore 
the combination does not render the independent claims obvious. 

Neither Grosner nor Davis, nor any other combination of the cited references, 
provides the other claimed features of claims 23 and 29. For example, the independent claims 
recite that a MAC address assigned to the port of the host computer is obtained if the source 
address in the IP header of the iSCSI login request is not in the same segment as a port of the 
storage apparatus. This feature is supported by, e.g., box 1120, 1130 of Fig. 6 and page 23, lines 
14-24 of the specification. The second determination of the claims relates to whether or not the 
MAC address has been cataloged in an access management table that defines the MAC address 
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identifying the host computer. See, e.g., box 1150 of Fig. 6 and page 24, lines 8-11. In another 
feature of the new independent claims, the host computer request for access via the iSCSI login 
request is approved when the second determination indicates that the MAC address has been 
cataloged in the access management table. See, e.g., box 1160 of Fig. 6 and page 24, lines 11- 
18. The third determination relates to whether or not an LU specified by the command from the 
host computer has been cataloged in the access management table as the LU associated with the 
source IP address of a frame including the command. See, e.g., box 1420 of Fig. 7 and box 1320 
of Fig. 8, and the specification at page 25, lines 2-8 and page 26, last four lines of the page. If 
the third determination indicates that the LU has been cataloged in the access management table, 
the host computer command for access is processed. See, e.g., box 1430 of Fig. 7 and box 1330 
of Fig. 8, and the specification at page 25, lines 8-14 and page 26, lines 1-6. An additional 
feature of the independent claims is that the second and third determinations are performed in 
accordance with a source MAC address in the frame of iSCSI login request sent from said host 
computer and said access management table when the source IP address of the iSCSI login 
request is in the same segment as the port of its storage apparatus according to said first 
determination. See, e.g., box 1110 and 1150 of Fig. 6 and box 1420 of Fig. 7 and box 1320 of 
Fig. 8 and accompanying text. 

Neither Grosman nor Davis shows all of these features of the independent claims. 
None of the other references of record make up for such deficiencies, and therefore no 
combination of references can provide these claimed features. Therefore, claims 23 and 29 are 
patentable. 

The dependent claims (15, 24-28, and 30-33) are patentable for at least the 

reasons above. 

CONCLUSION 

In view of the foregoing, Applicants believe all claims now pending in this 
Application (as amended by this Amendment After Final and the accompanying RCE) are in 
condition for allowance and an action to that end is respectfully requested. 
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If the Examiner believes a telephone conference would expedite prosecution of 



this application, please telephone the undersigned at 858-350-6100. 



TOWNSEND and TOWNSEND and CREW LLP 

Two Embarcadero Center, Eighth Floor 

San Francisco, California 941 1 1-3834 

Tel: 858-350-6100 

Fax:415-576-0300 

Attachments 

DAH:lmm 

61210474 v1 



Respectfully submitted, 




David A. Hall 
Reg. No. 32,233 
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